summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2017-07-18 11:54:29 -0400
committerKali Kaneko <kali@leap.se>2017-07-18 11:54:29 -0400
commit4fd64892c777a30816c24bf2926ba210b442c86b (patch)
tree15b4341117556411950063caeb1a9765825287b6
parentd448fbe951c823d2a79aee6292bb942afa2ee6dc (diff)
[pkg] cover corner case with scrypt path
there is a combination that was failing, with a recent-enough version of cryptography coming from jessie-backports (>1.0), but still being linked to openssl 1.0 which does not have a usable scrypt backend. with this commit we fallback on doing scrypt using python's scrypt package.
-rw-r--r--src/leap/soledad/client/_scrypt.py18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/leap/soledad/client/_scrypt.py b/src/leap/soledad/client/_scrypt.py
index 03dcab40..674fabd7 100644
--- a/src/leap/soledad/client/_scrypt.py
+++ b/src/leap/soledad/client/_scrypt.py
@@ -18,18 +18,26 @@
try:
from cryptography.hazmat.backends.interfaces import ScryptBackend
from cryptography.hazmat.backends import default_backend
+ from cryptography.exceptions import UnsupportedAlgorithm
backend = default_backend()
OPENSSL_HAS_SCRYPT = isinstance(backend, ScryptBackend)
except ImportError:
OPENSSL_HAS_SCRYPT = False
+def _fallback_hash(secret, salt, buflen=32):
+ import scrypt
+ return scrypt.hash(secret, salt, buflen=buflen)
+
if OPENSSL_HAS_SCRYPT:
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
def hash(secret, salt, buflen=32):
- return Scrypt(salt, buflen, 16384, 8, 1, backend).derive(secret)
-else:
- import scrypt
+ try:
+ _hash = Scrypt(
+ salt, buflen, 16384, 8, 1, backend).derive(secret)
+ except UnsupportedAlgorithm:
+ _hash = _fallback_hash(secret, salt, buflen)
+ return _hash
- def hash(secret, salt, buflen=32):
- return scrypt.hash(secret, salt, buflen=buflen)
+else:
+ hash = _fallback_hash